Mixed content issue on Symfony + Sylius - symfony

So I'm writing a project using Symfony + Sylius. I have a form which gets submitted via ajax to a /{paymentId}/pay route, this in turn calls the payum controller which handles the payment and sends a redirect to /payment/capture/{token} which then redirects again to display a card details form, this card details form is loaded in an iFrame. However, the route for /payment/capture is served via http and therefore never appears in the iFrame due to this error:
Mixed Content: The page at 'https://www.example.com/checkout/complete' was loaded over HTTPS, but requested an insecure form action 'http://www.example.com/payment/capture/SOMETOKENVALUE'. This request has been blocked; the content must be served over HTTPS.
How can I force the payment/capture route to serve https? I've tried a few things such as adding
<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
to my templates and setting the scheme requirement in my order.yml:
sylius_shop_order_pay:
    path: /{paymentId}/pay
    methods: [GET]
    defaults:
        _controller: sylius.controller.payum:prepareCaptureAction
        requirements:
            _scheme: https
        _sylius:
            redirect:
                route: sylius_shop_order_after_pay
sylius_shop_order_after_pay:
    path: /after-pay
    methods: [GET]
    defaults:
        _controller: sylius.controller.payum:afterCaptureAction
        requirements:
            _scheme: https
However since the actual /payment/capture route is generated at run time, I'm not sure if I can force it onto https.
I have also tried via access control:
access_control:
    - { path: ^/payment, role: ROLE_NO_ACCESS, requires_channel: https }
Any help would be greatly appreciated. Thanks
EDIT:
complete.html.twig:
{{ form_start(form, {'action': path('sylius_shop_checkout_complete'), 'attr': {'class': 'ui loadable form final-step', 'novalidate': 'novalidate', 'target' : 'card-details'}}) }}
{{ form_errors(form) }}
<input type="hidden" name="_method" value="PUT" />
{% include 'SyliusShopBundle:Common/Order:_summary.html.twig' with {'edit': true} %}
{{ form_row(form._token) }}
{{ form_end(form, {'render_rest': false}) }}
<iframe width="100%" height="670px" name="card-details" style="border: none;"></iframe>
checkout.js:
let form = jQuery("form[name='sylius_checkout_complete']");
if (form.length) {
    form.submit();
}
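
One way to find which response in the redirect chain described above introduces the http:// URL (an added example, not part of the original question). The hop data, the payment id 42 and the /card-form path are constructed placeholders, and findDowngrades is a hypothetical helper name.

```javascript
// Constructed sample data: the routes follow the question; the payment id, the
// token and the final /card-form path are placeholders, not a real capture.
const PAGE = 'https://www.example.com/checkout/complete';
const HOPS = [
  { request: 'https://www.example.com/42/pay', status: 302,
    location: 'http://www.example.com/payment/capture/SOMETOKENVALUE' },
  { request: 'http://www.example.com/payment/capture/SOMETOKENVALUE', status: 302,
    location: '/card-form' },
  { request: 'http://www.example.com/card-form', status: 200, location: null },
];

// Return every redirect whose target an HTTPS page would treat as mixed content.
// kind 'introduced': an HTTPS request was answered with an http:// Location, so
//                    the handler of that request generated the insecure URL.
// kind 'inherited':  the request was already HTTP and the Location (often a
//                    relative one) simply kept that scheme.
function findDowngrades(pageUrl, hops) {
  // An HTTP top-level page has no mixed-content restriction to violate.
  if (new URL(pageUrl).protocol !== 'https:') return [];
  const findings = [];
  hops.forEach((hop, index) => {
    if (!hop.location) return; // final response, nothing to follow
    const from = new URL(hop.request);
    const to = new URL(hop.location, from); // resolves relative Location headers
    if (to.protocol !== 'http:') return;
    findings.push({
      hop: index,
      from: from.href,
      to: to.href,
      kind: from.protocol === 'https:' ? 'introduced' : 'inherited',
    });
  });
  return findings;
}

for (const f of findDowngrades(PAGE, HOPS)) {
  console.log(`hop ${f.hop} [${f.kind}] ${f.from} -> ${f.to}`);
}
```

The hop reported as 'introduced' is the one whose URL generation needs fixing; hops reported as 'inherited' go away once that first redirect stays on HTTPS.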

Related

Pass template to controller render in twig

I'm trying to build Login form popup and I want to render LoginAction controller in twig.
I'm getting error like:
An exception has been thrown during the rendering of a template ("Template is not configured.").
My twig template:
{{ render(controller('SyliusUserBundle:Security:login'))}}
And in Security.yml
sylius_shop_login:
    path: /login
    methods: [GET]
    defaults:
        _controller: sylius.controller.security:loginAction
        _sylius:
            template: "@SyliusShop/login.html.twig"
            logged_in_route: sylius_shop_account_dashboard
How to include template in twig controller render?
Edit:
Any other better approach to show login form in popup? My plan is to include custom_login.html.twig in Layout twig using render(controller('SyliusUserBundle:Security:login')). But not able to send specific twig template to controller.

Symfony2 twig path - wrong generated URL behind

I have a problem with generating relative URL in symfony 2.7 project
My project is hosted behind a proxy that redirect URL to the target VM, like this - example.com/oblounge/bo/ to vmhostname/
All my URL are generated in relative
Here is my problem
For example when I'm on this page
http://example.com/oblounge/bo/admin/articles/actualite?section=127
All generated links are malformed, the "/admin/articles" is duplicated
http://example.com/oblounge/bo/admin/articles/admin/articles/actualite?section=127
Note: The problem occurs only for rendered controllers
The render action
{{ render(controller('AppBundle:Back/Article/Article:sectionsArticle', { 'rubric': 'actualite' })) }}
The rendered twig
{% for section in sections %}
    <li><i class="fa fa-circle-o"></i>{{ section.name }}</li>
{% endfor %}
My routing.yml
app:
    resource: "@AppBundle/Controller/"
    type: annotation
The prefix of my admin controller
/**
 * @Route("/admin")
 */
class ArticleController extends BaseArticleController
{
I would suggest you give a look at your routing.yml file that is referenced within your bundle.
If you've already defined a prefix for the route in the routing.yml of your app/config there is no need to repeat it in the routing of your bundle, otherwise there will be a duplication of prefixes as in your case.
Example:
This is the routing.yml in the App\config folder
tutoLexikTestBundle_parents:
    resource: "@tutoLexikTestBundle/Resources/config/routing/parents.yml"
    prefix: /parents
And this is the one of the bundle
parents_show:
    path: /{id}/show
    defaults: { _controller: "tutoLexikTestBundle:Parents:show" }
I don't need to repeat the prefix 'Parents' in the path

Symfony Twig - get default _locale in twig

I'm adding a language switcher on my website.
my parameters are like this :
avc_coming_soon:
    resource: "@AVCComingSoonBundle/Controller/"
    type: annotation
    prefix: /{_locale}
    defaults:
        _locale: en
    requirements:
        _locale: |fr
en is set by default
In my twig, I did that:
<div class="languages">
    <ul class="lang-menu">
        <li class="en"><img src="{{ asset('images/flag_en.gif') }}" alt="EN"></li>
        <li class="fr"><img src="{{ asset('images/flag_fr.gif') }}" alt="FR"></li>
    </ul>
</div>
But when I click on 'English', my path becomes www.mysite.com/en, but the good route is www.mysite.com/ (without the /en) because in parameters, I have this:
    defaults:
        _locale: en
How to get the default _locale in twig ?
{{ path(app.request.get('_route'), {'_locale': <<<default>>> }) }}
thank you :)
You need to use app.request.attributes:
{{ path(app.request.get('_route'), {'_locale': app.request.attributes.get('_locale') }) }}
If you have configuration in controller you need to set default value in function parameter:
/**
 * @Route("/", name="coming_soon", options={"expose"=true}, requirements={"_locale" = "fr|en"})
 */
public function indexAction($_locale = 'en')
{
    ...
}
I use this bundle: https://github.com/schmittjoh/JMSI18nRoutingBundle
Thanks to the bundle I never have to mess with locales..
You can configure the bundle to prefix everything except the default locale (which is what you want, reading the comments to the other answer).
And for the language switcher you simply set the _locale on any given route.
When using '%locale%' parameter from service.yaml the value in twig file does not change using subscriber. Using this code works for me:
app.request.session.get('_locale')

redirect to page#about using symfony&twig

I'm using Symfony, I wanna redirect the user to a specific frame in a page
So how can I translate this <a href="index.html#about"/> to twig? I tried <a href="{{path('pl_index')}}#about"/> but it doesn't work
In twig you can use {{path('_welcome') }} and it will send you to your home index, check your route.yml and you can see what are the paths generated by symfony.
For example this is my config.yml:
# savabundle config.yml
sava_inventario_construccion:
    path: /productos/construccion
    defaults: { _controller: savaInventarioBundle:Inventario:construccion }
sava_inventario_index:
    path: /productos/
    defaults: { _controller: savaInventarioBundle:Inventario:index }
If I want to generate www.mypage.com/productos/construccion#about link, this is what my html should look like
<a href="{{path('sava_inventario_construccion') }}#about"/>
you can read more in here
http://symfony.com/doc/current/book/templating.html

Logging in on a cached page in an ESI component redirects to /_internal/secure/.../none.html

I've just set up varnish and I've done some tests on port 8080 before switching in production.
I've noticed that if I'm on a cached page:
/**
 * @Cache(smaxage="10800")
 * @Route("/{_locale}/", name="homepage2", requirements={"_locale" = "en|fr"})
 * @Template()
 */
public function indexAction()
{
    return array();
}
And I try to login (not using external services, but with normal login) via the component included via an ESI
{% render "GamerCertifiedHomeBundle:Home:login" with {}, { 'standalone': true } %}
It ends up redirecting me on a page with no style and no head with the url ...:8080/_internal/secure/MyBundleHomeBundle:Home:login/none.html
Step1 Screenshot / Step2 Screenshot
If I go back on the homepage, I'm logged in.
How can I avoid that please ?
EDIT :
Apache2.conf
Apache vhost
Varnish VCL
After analyzing the problem in the chat I found that _target_path for security successful redirect is generated in form in the next way:
<input type="hidden" name="_target_path" value="{{ app.request.uri }}" />
And since this part is rendered with standalone view - it has specific uri (with _internal prefix).
You can avoid this by applying changed logic for your app.request.uri injection.
Pass it to controller:
{% render yourAction with {'uri': app.request.uri}, {'standalone': true} %}
In your controller just pass it to your view
public function yourAction($uri)
{
    ...
    return array('uri' => $uri);
}
Use it in your template
<input type="hidden" name="_target_path" value="{{ uri }}" />
Enjoy! ;)
